Google Chrome Hacker Wins $60K at Pwnium

Google has updated its Chrome browser, fixing an issue that was first uncovered at the Pwnium browser hacking contest, which took place at the CanSecWest security conference in Vancouver this week.

Russian security researcher Sergey Glazunov won $60,000 for demonstrating his exploit, which was able to bypass Chrome's sandbox, at the hackathon solely focused on Chrome hacks.

Under the rules of the competition, Glazunoy was able to claim the prize for demonstrating a full Chrome exploit on a fully-patched system. Google was willing to pay out a total of $1 million in the competition.

“Congratulations again to community member Sergey Glazunov for the first submission to Pwnium,” wrote Jason Kersey of Google's Chrome team in a blog detailing the security update.

But Glazunoy is not the only hacker that has defeated Chrome's feted security features.

Google's Chrome was the first browser to fall at the annual browser hackathon, Pwn2Own, which is running in parallel with Pwnium. A security group from France, VuPen Security, demonstrated a sandbox exploit within five minutes of the competition's start – though, by the end of the first day, teams had successfully demonstrated hacks against Internet Explorer, Safari, and Firefox.

Google had withdrawn its sponsorship for Pwn2Own and set up the rival competition after realizing it wouldn't get the full details on some of the exploits being shown off at Pwn2Own.

Google won't be able to patch the browser until it confirms how the exploit worked.

Meanwhile, the latest Chrome update also fixes issues with some Flash games and videos.

The U.K. Supreme Court has granted permission in part for Google to appeal against a ruling relating to a dispute over the user information through cookies via use of the Apple Safari browser.
0 Comments